Several vulnerabilities have been identified in Cacti.
- cross-site scripting in settings.php. A remote attacker can exploit it in order to execute arbitrary JavaScript or HTML code by enticing their victim into following a specially formed link (CVE-2015-2967)
- SQL injection in graphs.php. A remote attacker can exploit it in order to execute arbitrary SQL commands (CVE-2015-4634)
- SQL injection in graph items and graph template items. A remote attacker can exploit it in order to execute arbitrary SQL commands
- SQL injection in data sources. A remote attacker can exploit it in order to execute arbitrary SQL commands
- SQL injection in cdef.php. A remote attacker can exploit it in order to execute arbitrary SQL commands
- SQL injection in data_templates.php. A remote attacker can exploit it in order to execute arbitrary SQL commands
- SQL injection in graph_templates.php. A remote attacker can exploit it in order to execute arbitrary SQL commands
- SQL injection in host_templates.php. A remote attacker can exploit it in order to execute arbitrary SQL commands
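The advisory names the affected scripts but gives no indicators. The following detection script is an added example (not part of the advisory and not Cacti code): it parses access-log lines in Apache common log format, keeps only requests to the scripts listed above, and flags query parameters carrying SQL metacharacters or script markup. The log lines, client addresses and the parameter name `p` are constructed for the example; the real parameter names are not given by the advisory, so matching is done on the script name and on parameter values only.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Cacti scripts named in the advisory, with the issue class reported for each.
AFFECTED_SCRIPTS = {
    "settings.php": "XSS (CVE-2015-2967)",
    "graphs.php": "SQL injection (CVE-2015-4634)",
    "cdef.php": "SQL injection",
    "data_templates.php": "SQL injection",
    "graph_templates.php": "SQL injection",
    "host_templates.php": "SQL injection",
}

# Generic indicators; tune thresholds against your own baseline traffic.
SQLI_PATTERN = re.compile(
    r"('|\"|--|/\*|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\()",
    re.IGNORECASE,
)
XSS_PATTERN = re.compile(r"(<\s*script|javascript:|on(error|load)\s*=)", re.IGNORECASE)

# Apache common log format: ip ident user [ts] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not real traffic); parameter name "p" is hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jul/2015:10:00:01 +0000] "GET /cacti/graphs.php?p=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [13/Jul/2015:10:00:02 +0000] "GET /cacti/graphs.php?p=1%27%20OR%201%3D1 HTTP/1.1" 200 4096',
    '192.0.2.12 - - [13/Jul/2015:10:00:03 +0000] "GET /cacti/settings.php?p=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 800',
    '192.0.2.13 - - [13/Jul/2015:10:00:04 +0000] "GET /cacti/index.php HTTP/1.1" 200 300',
]


def analyze_request(target):
    """Inspect one request target; return a finding dict or None.

    Only requests to the scripts named in the advisory are examined, and a
    finding requires a suspicious value in at least one query parameter.
    """
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in AFFECTED_SCRIPTS:
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl already decodes once; decode again to catch double-encoding.
        decoded = unquote_plus(value)
        if SQLI_PATTERN.search(decoded):
            kind = "sqli"
        elif XSS_PATTERN.search(decoded):
            kind = "xss"
        else:
            continue
        return {
            "script": script,
            "kind": kind,
            "param": name,
            "advisory": AFFECTED_SCRIPTS[script],
        }
    return None


def scan_log(lines):
    """Run analyze_request over log lines; return findings tagged with client IP."""
    findings = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # malformed or non-common-format line; skip
        finding = analyze_request(match.group("target"))
        if finding:
            finding["ip"] = match.group("ip")
            finding["ts"] = match.group("ts")
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['script']} param={f['param']} {f['kind']} [{f['advisory']}]")
```

The patterns are deliberately coarse; in production, feed the script from the web server's access log and pair it with the package update, since detection does not remove the underlying flaws.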
Updated, 13/07/2015:
The cacti packages provided by Debian Squeeze 6, Wheezy 7 and Jessie 8 are vulnerable.
Updated, 20/07/2015:
The cacti packages provided by FreeBSD are vulnerable.